Oligo Security launched out of stealth on Wednesday with its runtime software safety platform for detecting vulnerabilities in open supply parts. Oligo generates a dynamic invoice of supplies (BOM), identifies vulnerabilities in packages, and units repair priorities for vulnerabilities primarily based on software context.
Some of essentially the most damaging cyberattacks up to now couple of years originated in open supply packages included inside massive, complicated methods. For instance, Log4Shell assaults continued all through most of 2022 as a result of many organizations did not even understand they had been working a weak model of Log4j. Oligo generates a dynamic BOM that exhibits all of the parts which might be truly working, which helps set up which vulnerabilities to repair first.
Oligo profiles the legit conduct of every library and creates a information base of libraries’ profiles. The platform fires alerts when the library exercise deviates from the profile, as that may point out suspicious exercise.
“Only 15% of CVEs scanned with conventional options are posing an actual threat, and the opposite 85% are irrelevant, leading to a number of false positives and noise,” Avshalom Hilu, co-founder and chief product officer of Oligo, wrote in a technical weblog put up. Reducing false positives and focusing on mitigation extra tightly will help safety workers shut essentially the most harmful flaws first and scale back alert fatigue.
The firm bases its product on prolonged Berkeley Packet Filter (eBPF), which permits applications to run in a sandbox inside the Linux working system kernel. This means builders can prolong the OS to enhance visibility, networking, safety, and different capabilities to make utilizing containers within the cloud safer.
With the dominance of cloud computing and increasing use of containerization instruments like Kubernetes, eBPF is seeing traction. The general container safety market is predicted to rise from $714 million in 2020 to $3.6 billion by 2026, and as much as $8.2 billion by 2030. Besides Oligo, different eBPF startups within the cybersecurity house embody Araali Networks, which presents an eBPF-based firewall; Cilium, an open supply Kubernetes connectivity device; Falco and Aqua, which make Kubernetes runtime safety instruments; and Calico, a cloud-native safety firm.
Oligo raised its $28 million funding from Lightspeed Venture Partners, Ballistic Ventures, and TLV Partners, together with a number of angel buyers.